Fixing Security Flaws Isn't Just Microsoft's Responsibility

News Analysis: Microsoft is hit hard with criticism of its inability to adequately protect its users. But a recent study from the SANS Institute indicates users and software developers may also be at fault. It's time for IT managers and individual users to take responsibility for updating and patching all their applications and operating systems in a timely manner.

In the world of PC computing, it's fashionable to beat up on Microsoft for all
the security issues that have plagued the space. Whether it's Apple mocking
Windows security in its "I'm a Mac, I'm a PC" ads or countless
security experts performing research on all the issues facing Windows, at least
some are pointing to Microsoft's OS as the culprit behind all their security
problems.
It's a common point of reference for those who love Macs. And it's a
"go-to" for those who want to blame the spyware breakout on someone
other than themselves.

According to a report from the SANS Institute, client-side software that users
haven't patched has become a major problem as security companies try to battle
malicious hackers. That has led to "waves of attacks" hitting PCs and
impacting everyone from consumers to major enterprises, the SANS Institute
contends.

"On average, major organizations take at least twice as long to patch
client-side vulnerabilities as they take to patch operating system
vulnerabilities," SANS reported. "In other words, the highest-priority
risk is getting less attention than the lower priority risk."

Assuming what the SANS Institute has found is indeed true, it's not beyond the
realm of reason to say Microsoft might not be the biggest problem in the
Windows ecosystem. Granted, hackers are attacking Windows PCs because there are
more of them and they are arguably easier to break into than PCs running other
operating systems. But some of the culpability in security outbreaks must rest
with users and IT managers who take far too long to patch their applications.

Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis' Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.